We are not denying the seriousness of Covid19’s possible implications. Instead, we are looking behind this transitory pandemic smokescreen that hides a potentially much bigger global problem – progressing cyberwarfare.
Cyberwarfare, what is it?
As with many other terms, there is still a worldwide debate about whether cyberwarfare exists. For those convinced that such a war exists, the next problem is how to define it. Hence, various definitions are found in scientific and popular publications.
Generally, cyberwarfare is the use of digital technologies to attack a nation, causing harm comparable to actual warfare damage. It involves the actions of primarily nation-state actors aimed at the disruption of vital computer systems (e.g. critical national infrastructure) of another nation, causing damage, destruction or even death.
Cyberwarfare also includes information warfare, which needs no battlefield and is fought in cyberspace.
There is, however, another related but not synonymous term: virtual societal warfare. This is a novel phrase denoting a wide range of tactics – from deploying classic propaganda on social media to hijacking virtual and augmented reality systems. According to the RAND Corporation, in many cases the aim may not be to cause physical harm. Instead, attackers use it to sow confusion and accelerate society’s loss of confidence in major social institutions.
The link between those two terms is hazardously obvious: virtual societal warfare can easily escalate into cyberwarfare or even into a kinetic weapon response.
There are predictions that cyberwarfare will explode in 2020. Economically damaged by the Covid19 pandemic, many countries will resort to cyberwarfare as it is the cheapest, easiest, fastest and most effective form of warfare and because cyberwarfare defences are more vulnerable than they have ever been.
“Cyberwarfare is a cost-effective solution to all sorts of problems – and opportunities: cyberwarfare is a revenue stream, a new business model, digital transformation with its unique flavour”, believes the Forbes contributor Steve Andriole.
The US intelligence briefings regularly list Russia, China, Iran, and North Korea as the major cyber threat actors to worry about. These countries, on the other hand, perceive the US as the major cyberwar protagonist.
The Distributed Denial of Service (DDoS) attack was at the core of the attacks on Estonia in 2007. It is believed that the attack followed the relocation of a Soviet-era statue in Tallinn in April of 2007. Estonia allegedly fell under a politically motivated cyber attack campaign lasting twenty-two days and resulting in temporary degradation or loss of service on many commercial and government servers.
The Stuxnet attack on the Iranian uranium enrichment facilities is probably the best-known and most commented-on cyberwarfare attack so far. In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate.
It is estimated that the Stuxnet worm destroyed 984 uranium enriching centrifuges and decreased Iranian uranium enrichment efficiency by 30%.
The actual attack on Saudi Aramco, Saudi Arabia’s national oil firm, began during the Islamic holy month of Ramadan when most employees were on holiday. On the morning of Wednesday, 15 August 2012, the few employees noticed their computers were acting weird. Screens started flickering, files began to disappear and some computers just shut down without explanation.
The attack affected three in four of the estimated 40,000 workstations used by the oil giant. The company had put the network back online only 10 days after a malware attack unsettled 30,000 workstations.
Perhaps one of the most unexpected twists recently has been the use of weaponised ransomware to destroy data, reports ZDNet. The US, UK and several other governments blamed Russia for the NotPetya ransomware outbreak which caused havoc in mid-2017. Russia has denied its involvement and the White House described the incident as “the most destructive and costly cyberattack in history”. While the attack was most likely aimed at doing damage to computer systems in Ukraine, it rapidly spread further and caused billions of dollars of damage, reflecting how easily cyber weapons can get beyond the control of their makers.
What will be next? It remains to be seen this year, believe some cybersecurity experts. In that regard, the economic effects of the Covid19 pandemic might accelerate cyberwarfare attacks. Particularly treacherous are the reciprocated accusations between the US and China regarding the origin of the virus.
Common cyberwarfare threats and motivation
Cyberwarfare motivations and threats are usually carefully hidden from the public as the actors prefer stealth operations. Here are, however, a few common threats and motivations for cyberwarfare attacks, according to the US Cybersecurity Magazine.
When thinking of a cyber threat, one often hears about credit cards being stolen, websites going down, or information being sold on the dark web. However, sabotage in the cyberwarfare sense involves targeting computers, satellites, or infrastructures that people rely on. Indeed, sabotage causes mass panic and disruption.
One notable example is the above-mentioned Stuxnet attack, but some common targets also include power grids, water systems, telecommunications, financial systems, health systems and military facilities.
Nobody regards most forms of espionage, cyber or not, as cyberwarfare in the traditional sense. However, when espionage exposes major nation-state powers, reacting forces often describe said espionage as an attack. As a result, tensions will heighten between the warring states. Therefore, espionage is often known as a ‘soft threat’, one that usually leads to larger threats.
Some known examples include America spying on other countries, as revealed by Edward Snowden, or the NSA’s spying on Angela Merkel. The Office of Personnel Management Data Breach and Titan Rain are both solid examples of China ostensibly engaging in corporate espionage.
A Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack occurs when legitimate users are unable to access information or other network resources, as happened in the Estonia 2007 attack described above, which targeted high-profile services.
Often, rival governments will employ these attacks to take down a competitor’s website. However, in more extreme cases, state-sanctioned DoS or DDoS attacks could cripple an entire web of infrastructures. In many cases, these attacks are linked to ransomware requests.
As time progresses, propaganda becomes more subtle and more insidious. More serious cases of social media manipulation, fake news websites, and online censorship qualify as a form of psychological warfare. These methods help create distrust in the government. However, most notably, propaganda delegitimises the social and political structures upon which cyber defences rely.
Cyberwarfare propaganda can be found in the everyday news all over the world and is particularly practised by the most cyber-potent states.
The Petya (NotPetya) cyberattacks (2017) caused large-scale economic disruptions in Ukraine. The WannaCry ransomware attacks on the UK’s National Health Service, pharmaceutical giant Merck, Maersk shipping company and other organisations around the world similarly caused enormous economic troubles. These attacks can also be categorised as financial cybercrime because they negatively affect a company or group.
Surprise Cyber Attack
The idea of a ‘cyber Pearl Harbour’ emerged in the United States cybersecurity debate in 1991. Over time, ‘cyber Pearl Harbour’ has had a largely stable meaning focused on catastrophic physical impacts from cyberattacks on critical infrastructure.
Former US Secretary of Defence Leon Panetta recently renewed his warnings about a looming ‘cyber Pearl Harbour’. Such a scenario, he said, could involve cyberattacks on critical infrastructure “costing lives” and “paralysing our country.” It is a warning he has trumpeted since at least 2012.
Though academic and industry experts have criticised this framing, government officials have continued to warn of a ‘cyber Pearl Harbour’ and news media have uncritically circulated their claims.
There are many sources, targets, and motivations behind cyberwarfare. Here are some common ones.
Military motivation led to the establishment of cyber commands in many countries such as the US, UK, Russia, China, Israel, Iran or North Korea. The jobs within cyberwarfare branches have become very popular, and contribute to the cybersecurity job boom.
Civilian-based attacks target the wider public and are usually linked to propaganda or forming public opinion. Laptops, desktops, and increasingly mobile phones are common digital targets.
There are, however, warnings that some more serious threats are coming. These might include hacking into self-driving cars, drones and other automated systems, electric grids, and major telecommunication systems. Our reliance on automation and computerisation will only serve to exacerbate these threats.
Hacktivism is usually motivated by a political agenda, so it can be confused with cyberwarfare. Hacktivists (e.g. Anonymous, Lizard Squad, and Masters of Deception) usually deploy DDoS attacks or sabotage to bring attention to their cause or spread their ideology. Hacktivism comes from small protest groups rather than nation-state actors, but can be supplemental to cyberwarfare.
We agree with the US Cybersecurity Magazine that cyberwarfare is a relatively new concept, which is yet to be explored and understood further strategically, operationally and ethically. The latter should also be concerned with finding a balance between legitimate defence and human rights violations. This will require the establishment of new policies and reaching an international consensus if we are to avoid cyberwarfare Armageddon.
We have recently argued that the discussion on cybersecurity and cyberwarfare remained as polarised as ever – so reaching a common resolution seems far better than entering into endless cyberwarfare retaliations that can bring only disastrous results.
The Covid19 pandemic also taught us that no one country is solely capable of fighting global threats. We should strive to develop, adopt and apply cybersecurity and cyberwarfare confidence-building measures. We need a global cybersecurity treaty that can limit the effects of cybercrime and cyberwarfare.